[SingCERT] Alert on global spread of Ransomware Petya

  • in Cyber Security Agency News
  • by
  • 28 6 月, 2017
  • 在〈[SingCERT] Alert on global spread of Ransomware Petya〉中留言功能已關閉

Published on Wednesday, 28 June 2017 00:30

[SingCERT] Alert on global spread of Ransomware Petya
 
Background
on 27th June 2017, SingCERT was alerted to the global spread of a ransomware inspired by WannaCry, identified as Petya.Petya is more dangerous and intrusive as its behaviour is to encrypt the Master File Tree (MFT) tables for NTFS partitions and overrides the Master Boot Record (MBR) with a custom bootloader to display a ransom note and prevents victims from booting up. The new Petya version also included a similar SMB work based on the EternalBlue exploit.
 
Petya spread via email spam with booby-trapped Office documents.The documents, once opened, will download and run the Petya installer and execute the SMB worm to spread to other computers.
 
Affected system
The following Microsoft operating systems are currently suspected to be vulnerable
•Windows 10
•Windows RT 8.1
•Windows 8.1
•Windows 7
•Windows XP
•Windows Vista
•Windows Server 2016
•Windows Server 2012 and Window Server 2012 R2
•Window Server 2008 and Windows Server 2008 R2

Recommendations

SingCERT advises all users and companies with affected systems listed above to ensure that their windows-based systems are fully patched.

Users should ensure that their anti-virus software is updated with the latest malware definitions.

Users should perform file backups and store them offline in case they need to restore their systems following an attack.

References
Hackers strike across Europe : Http://www.telegraph.co.uk/news/2017/06/27/ukraine-hit-massive-cyber-attack1/

Comments are closed.